From 09a6d432f12880b45f959a8058cccf2da7d6293d Mon Sep 17 00:00:00 2001
From: andryyy
Date: Thu, 15 Jun 2017 23:03:21 +0200
Subject: [PATCH] Fixes #364
---
 data/web/js/admin.js | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
diff --git a/data/web/js/admin.js b/data/web/js/admin.js
index 601bd67a..fe89c4ae 100644
--- a/data/web/js/admin.js
+++ b/data/web/js/admin.js
@@ -1,4 +1,20 @@
 jQuery(function($){
+ // http://stackoverflow.com/questions/24816/escaping-html-strings-with-jquery
+ var entityMap = {
+ '&': '&',
+ '<': '<',
+ '>': '>',
+ '"': '"',
+ "'": ''',
+ '/': '/',
+ '`': '`',
+ '=': '='
+ };
+ function escapeHtml(string) {
+ return String(string).replace(/[&<>"'`=\/]/g, function (s) {
+ return entityMap[s];
+ });
+ }
 function unix_time_format(tm) {
 var date = new Date(tm ? tm * 1000 : 0);
 return date.toLocaleString();
@@ -47,6 +63,7 @@ jQuery(function($){
 },
 success: function (data) {
 $.each(data, function (i, item) {
+ item.message = escapeHtml(item.message);
 var danger_class = ["emerg", "alert", "crit"];
 var warning_class = ["warning"];
 var info_class = ["notice", "info", "debug"];
@@ -97,6 +114,7 @@ jQuery(function($){
 var danger_class = ["emerg", "alert", "crit"];
 var warning_class = ["warning"];
 var info_class = ["notice", "info", "debug"];
+ item.message = escapeHtml(item.message);
 if (jQuery.inArray(item.priority, danger_class) !== -1) {
 item.priority = '' + item.priority + '';
 }
@@ -144,6 +162,7 @@ jQuery(function($){
 var danger_class = ["emerg", "alert", "crit"];
 var warning_class = ["warning"];
 var info_class = ["notice", "info", "debug"];
+ item.message = escapeHtml(item.message);
 if (jQuery.inArray(item.priority, danger_class) !== -1) {
 item.priority = '' + item.priority + '';
 }
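Review bot: In the first hunk (`@@ -1,4 +1,20 @@`) the `entityMap` values print on this page as the characters themselves (`'&': '&'`, and the apostrophe entry is not valid JavaScript as shown), which is most likely the page decoding the entities; it should still be confirmed that the committed file holds the encoded forms such as `&amp;` and `&lt;`, because an identity map makes `escapeHtml` a no-op. Separately, `String(string)` turns a missing `message` into the literal text `undefined` or `null`, so I would pass `String(string == null ? '' : string)` into the `replace` call instead. The helper also deserves a comment stating its scope, for example `// Escapes for HTML text and quoted attribute values only; not sufficient for script, URL or unquoted-attribute contexts.` The enclosing `jQuery(function($){` callback continues past the end of the hunk.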
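Review bot: Only `item.message` is escaped in the three `$.each` callbacks (hunks `@@ -47,6 +63,7 @@`, `@@ -97,6 +114,7 @@` and `@@ -144,6 +162,7 @@`), so any other field of a log item that the table renders as markup stays unescaped. The callbacks extend beyond the hunks, so which fields those are cannot be seen here and should be checked against each table's column list. `item.priority` is concatenated into a string in the visible branches only after matching a fixed list, but a value that matches none of the lists would presumably pass through unchanged. The same line is also pasted three times, before the `var` declarations in the first callback and after them in the other two; escaping every string field of `item` in one shared helper before the priority handling would keep the three log views consistent and cover fields added later.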